<?php
/*
require_once 'Zend/Loader/Autoloader.php';
$loader = Zend_Loader_Autoloader::getInstance();
$loader->registerNamespace('Nld');
*/

class Nld_Acl extends Zend_Acl
{
	protected $_log;
	protected static $_instance = null;
	protected static $_cache;

	public function __construct()
	{
		foreach(Core_Helper_Array::arraySort(
			Nld_Models::getTable('Acl')->fetchAll()->toArray(), 
		 'taskcode', 'parentcode') as $resource)
		{
			$this->logging('Added resource: '.$resource['taskcode'].'<br />');
			$this->addResource($resource['taskcode'], 
				$this->has($resource['parentcode'])
					?$resource['parentcode']:null);
		}
		foreach(Core_Helper_Array::arraySort(
			Nld_Models::getTable('Group')->fetchAll()->toArray(), 
		 'groupcode', 'parentcode') as $group)
		{
			$this->logging('Added role: group:'.$group['groupcode'].
				(empty($group['parentcode'])?'':('-> group:'.$group['parentcode'])).'<br />');
			$this->addRole('group:'.$group['groupcode'],
				$this->hasRole('group:'.$group['parentcode'])
					?('group:'.$group['parentcode']):null);
		}
		foreach(Nld_Models::getTable('Users')->fetchAll() as $user)
		{
			$this->logging('Added role: user:'.$user['username'].
				(empty($user['groupcode'])?'':('-> group:'.$user['groupcode'])).'<br />');
			$this->addRole('user:'.$user['username'],
				$this->hasRole('group:'.$user['groupcode'])
					?('group:'.$user['groupcode']):null);
		}
		foreach(Nld_Models::getTable('Acl/ToGroup')->fetchAll()->toArray() as $acl)
		if($acl['permission'] == 'allow')
		{
			$this->allow('group:'.$acl['groupcode'], $acl['taskcode']);
		}
		else
		{
			$this->deny('group:'.$acl['groupcode'], $acl['taskcode']);
		}
		foreach(Nld_Models::getTable('Acl/ToUsers')->fetchAll()->toArray() as $acl)
		if($acl['permission'] == 'allow')
		{
			$this->allow('user:'.$acl['username'], $acl['taskcode']);
		}
		else
		{
			$this->deny('user:'.$acl['username'], $acl['taskcode']);
		}
	}
	public function logging($str = '') 
	{
		$this->_log = $this->_log.$str;
		return $this->_log;
	}
	public function isAllowed($roles = null, $resources = null, $privilege = null)
	{
		$resources = is_string($resources)?explode(',', $resources):$resources;
		foreach($resources as $resource)
		{
			if(!parent::isAllowed($roles, $resource, $privilege))
			{
				return false;
			}
		}
		return true;
	}
	public static function cached() 
	{
		if(is_null(self::$_instance))
		{
			self::$_instance = new self;
		}
		return self::$_instance;
		
		if( is_null(self::$_cache) ){ 
			$frontend = array( 
					'lifetime' => 7200, 
					'automatic_serialization' => true 
			); 

			$backend = array( 
					'cache_dir' => 'cache'
			); 
			self::$_cache = Zend_Cache::factory('Core', 'File', $frontend, $backend); 
			
			self::$_cache->save(new self, 'MyAcl'); 
		} 
		return self::$_cache->load('MyAcl'); 
	}
}

/*
$acl = MyAcl::cached();
echo '<pre>';
echo $acl->logging();
echo '<pre>';
echo $acl->isAllowed('group:manager', 'task:pages') ? 'allowed' : 'denied';
echo '<pre>';
echo $acl->isAllowed('group:manager', 'task:news') ? 'allowed' : 'denied';
echo '<pre>';
print_r($acl->getRoles());
echo '<pre>';
print_r($acl->getResources());
die();
*/